Now that Symbiot, Inc. has released information on its plans to enable companies to
counterattack digital threats, some security analysts have stepped up their concerns that
it could cause more problems than it solves.

Symbiot's founders are looking to fight back against hackers, virus writers and
denial-of-service attacks by launching counterattacks. It's no longer enough to protect a
company's perimeter, they say; it's time for the attacked to become the attackers.

But members of the security community are raising concerns that striking back at attackers
not only leaves the company open to legal problems, but could double the strain on
associated networks, ISPs and Internet hubs. They also say it aims the guns directly at
innocent victims of computer viruses.

''Vigilantism didn't work in the wild west and electronic vigilantism is likely to be just
as distasteful,'' says George Bakos, a senior security expert with the Institute for
Security Technology Studies at Dartmouth College. ''The desire to take action does not
justify contributing to the problem... At what point does the escalation stop?''

Nearly a month ago, Symbiot, which is based in Austin, Texas, announced it would be
releasing its first product, the Intelligent Security Infrastructure Management Systems
platform (iSIMS). The platform, geared to work with existing security tools, such as
firewalls and VPNs, is designed to model threats coming into the network and raise alerts
about serious attacks.

However, what had people talking was the company's claim that it was going to enable
counterstrikes. But details of what those strikes would entail weren't released until late
last week.

The Counterstrikes

In a written statement, Symbiot executives say there are many levels of response that can
be used against an attacker. Before there would be any response, however, they say the
software would check several things, such as risk metrics, reconnaissance, surveillance and
confirming identification.

Once that is done, if the intensity, duration and effect of the attack is great enough, the
corporate IT or security manager can use countermeasures. Those countermeasures go from
benignly blocking traffic or diverting traffic to more aggressive maneuvers like sending
the packet content used in the attack back at the attacker.

But the tool goes one step further.

It also enables the IT or security manager to obtain access privileges on the attacker's
system and then go in and disable, destroy or seize control of his assets.
The IT manager also could launch a counterstrike that would send exploits specific to
vulnerabilities on the attacker's machine.

And, finally, the software allows for preemptive strikes on a source known to be
orchestrating attacks. ''This retaliation could be far in excess of the attack that the
aggressor has underway,'' according to a written statement on the Symbiot Web site.

Symbiot executives could not be reached for this story, but there is a warning posted on
the site about legal issues involved with launching an attack. ''Symbiot is continually evaluating the legal aspects of these more aggressive
countermeasures... We stress that our customers should obtain appropriate advice and
information to make decisions that will not violate applicable laws. In some instances,
availability of these countermeasures may be restricted.''

To hear why some analysts are calling the plan dangerous, continue on to the next page...